VYPR

Get Custom Field Values

by WordPress

CVEs (3)

  • CVE-2021-24872MedDec 13, 2021
    risk 0.42cvss 6.5epss 0.01

    The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.

  • CVE-2023-45604MedOct 18, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <= 4.0.1 versions.

  • CVE-2021-24871MedDec 13, 2021
    risk 0.35cvss 5.4epss 0.01

    The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks